From 6ae075ff5139a7e19795cca12ddb682ba1ed32ce Mon Sep 17 00:00:00 2001
From: David Rocamora
Date: Wed, 12 Feb 2014 23:02:20 +0000
Subject: [PATCH] WIP - IAM role support
---
 awsauth.go | 2 +-
 awsauth_test.go | 5 +++--
 common.go | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 50 insertions(+), 3 deletions(-)
diff --git a/awsauth.go b/awsauth.go
index 2b15422..917d34f 100644
--- a/awsauth.go
+++ b/awsauth.go
@@ -14,7 +14,7 @@ var Keys *Credentials
 type Credentials struct {
 AccessKeyID string
 SecretAccessKey string
- SecurityToken string
+ SecurityToken string `json:"Token"`
 }
 // Sign signs a request bound for AWS. It automatically chooses the best
diff --git a/awsauth_test.go b/awsauth_test.go
index f9593c0..978fe61 100644
--- a/awsauth_test.go
+++ b/awsauth_test.go
@@ -4,7 +4,7 @@ import (
 . "github.com/smartystreets/goconvey/convey"
 "net/http"
 "net/url"
- "os"
+ //"os"
 "strings"
 "testing"
 )
@@ -138,7 +138,8 @@ func TestSign(t *testing.T) {
 }
 func envCredentialsSet() bool {
- return os.Getenv(envAccessKeyID) != "" && os.Getenv(envSecretAccessKey) != ""
+ // return os.Getenv(envAccessKeyID) != "" && os.Getenv(envSecretAccessKey) != ""
+ return true
 }
 func newRequest(method string, url string, v url.Values) *http.Request {
diff --git a/common.go b/common.go
index 45e0c7b..6d9fd04 100644
--- a/common.go
+++ b/common.go
@@ -14,6 +14,7 @@ import (
 "os"
 "strings"
 "time"
+ "encoding/json"
 )
 func serviceAndRegion(host string) (string, string) {
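Review bot: In awsauth.go, Credentials gains the `Token` tag but still has no field for the `Expiration` value that a role-credentials document carries, so the refresh described by the comment at the end of checkKeys has nothing to compare against and a long-lived process would keep signing with a stale token. Adding `Expiration time.Time` would cover it, though the unkeyed `&Credentials{...}` literal in checkKeys would then need field names to keep compiling. Explicit tags on the other two fields (`json:"AccessKeyId"`, `json:"SecretAccessKey"`) would also document the mapping instead of relying on encoding/json's case-insensitive match.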
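Review bot: In awsauth_test.go, `envCredentialsSet` now returns `true` unconditionally, which disables whatever the guard protected: tests that presumably were skipped without credentials will run everywhere, and with this commit's fallback in checkKeys that means a request to the instance metadata address from any developer machine or CI runner. Restore `return os.Getenv(envAccessKeyID) != "" && os.Getenv(envSecretAccessKey) != ""` and the `"os"` import rather than leaving both commented out. If role credentials should also enable these tests, add that as a separate, explicit check.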
@@ -47,8 +48,53 @@ func checkKeys() {
 os.Getenv(envAccessKeyID),
 os.Getenv(envSecretAccessKey),
 os.Getenv(envSecurityToken),
+
 }
 }
+ // if accesskey and the secretkey are blank, get the key from the role
+ if Keys.AccessKeyID == "" {
+
+ Keys = getIAMRoleCredentials()
+ }
+ // if the expiration is set and it's less than 5 minutes in the future, get a new key
+}
+
+func getIAMRoleCredentials() *Credentials {
+
+ // Hack city!!
+
+ // Get a list of the roles that are available to this instance
+ url := "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
+ client := &http.Client{}
+ req, _ := http.NewRequest("GET", url, nil)
+ resp, _ := client.Do(req)
+ buf := new(bytes.Buffer)
+ buf.ReadFrom(resp.Body)
+ role := buf.String()
+
+
+
+ // append the url to get the url to the role
+ var buffer bytes.Buffer
+ buffer.WriteString(url)
+ buffer.WriteString(role)
+ roleurl := buffer.String()
+
+ // Get the role
+
+ rolereq, _ := http.NewRequest("GET", roleurl, nil)
+
+
+ roleresp, _ := client.Do(rolereq)
+ rolebuf := new(bytes.Buffer)
+ rolebuf.ReadFrom(roleresp.Body)
+
+ creds := Credentials{}
+
+ _ = json.Unmarshal(rolebuf.Bytes(), &creds)
+
+ return &creds
+
 }
 func augmentRequestQuery(req *http.Request, values url.Values) *http.Request {
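Review bot: Both `client.Do` calls in getIAMRoleCredentials discard their error, so whenever the metadata address is unreachable `resp` is nil and `resp.Body` panics inside checkKeys. The client also has no timeout, neither body is closed, the status code is never checked, the role name is appended to the URL untrimmed, and a failed `json.Unmarshal` silently hands back empty credentials that checkKeys installs as `Keys`. The local named `url` additionally shadows the `net/url` package this file uses. The sketch below bounds the wait and checks each step through one helper, falling back to empty credentials; returning an error as well would be better if checkKeys can report it. checkKeys itself starts outside the hunk.

```go
// metadataGet fetches one metadata URL and returns its body; ok is false on
// a transport error, a non-200 status, or a failed read.
func metadataGet(client *http.Client, target string) ([]byte, bool) {
	resp, err := client.Get(target)
	if err != nil {
		return nil, false
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, false
	}
	buf := new(bytes.Buffer)
	if _, err := buf.ReadFrom(resp.Body); err != nil {
		return nil, false
	}
	return buf.Bytes(), true
}

func getIAMRoleCredentials() *Credentials {
	base := "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
	// Bounded wait so a host without a metadata service fails fast.
	client := &http.Client{Timeout: 2 * time.Second}

	list, ok := metadataGet(client, base)
	if !ok {
		return &Credentials{}
	}
	role := strings.TrimSpace(string(list))

	body, ok := metadataGet(client, base+role)
	if !ok {
		return &Credentials{}
	}
	creds := Credentials{}
	if err := json.Unmarshal(body, &creds); err != nil {
		return &Credentials{}
	}
	return &creds
}
```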